Browse:

Bad Rabbit Ransomware Hops to Eastern Europe, Turkey and Germany

On Oct. 24, 2017, a new strain of ransomware, being referred to as Bad Rabbit, was used in a widespread campaign which reportedly caused issues for many enterprises and infrastructure such as airports and train stations in Eastern Europe, Turkey and Germany.

Analysis of the malware code has found similarities with previous large-scale ransomware attacks such as NotPetya and Petya. However, this malware does not use the EternalBlue exploit to propagate. This malware also appears not to be destructive as NotPetya was, it is purely ransomware.

A number of websites were compromised in Eastern Europe and Turkey and redirected users to a site serving a drive-by download of a fake Adobe Flash Player update. The drive-by download server was taken offline after approximately 6 hours.

The ransomware requests an initial ransom of 0.05 Bitcoin (US$274.86) which increases the longer the ransom goes unpaid.

As is common with recent ransomware, it encrypts the Master Boot Record on the victim’s hard drive rendering it unusable until the ransom is paid, after first encrypting files with the extensions of:

Bad Rabbit is spread via compromised websites redirecting to a drive-by download of the malware claiming to be an Adobe Flash Player update.

This malware also contains a list of weak passwords which it can utilize to propagate over the network. It does not utilize any exploits.

As this attack initially requires a user to execute the fake Adobe Flash Player update, end-user education is always a critical component of securing a corporate environment

When/How Did BluVector Detect It?

BluVector’s machine learning malware detection engine detects the fake Adobe Flash Player update as malicious. Regression testing has shown the file would have been detected by BluVector 10 months prior to its release.

Bad Rabbit Ransomware Hops to Eastern Europe, Turkey and Germany was last modified: May 4th, 2018 by Threat Research Team

BluVector’s Threat Report is written by BluVector’s expert security team, tasked with identifying the latest cybersecurity threats in the wild and when our solution would protect customers from those threats. Read more Threat Reports here.